HMRC API Integration

Inspect how PlayPay connects to HMRC APIs across authentication, obligations, submissions, and status checks.

HMRC access is brokered through the PlayPay relay

  1. Given the app needs HMRC user-restricted access
  2. When authorisation starts
  3. Then the relay creates the HMRC authorisation URL
  4. And the app does not embed HMRC client secrets
  5. And the returned state is used to complete the connection
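
An added sketch of the relay-side flow in the scenario above, not PlayPay's own code: the relay builds the authorisation URL, keeps the client secret to itself, and accepts a callback only for a state it issued. The `Relay` class, its method names, the session id, the ten-minute state lifetime, the HMRC sandbox endpoint, the scope and the credential values are assumptions for illustration.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode

# Assumed endpoint (HMRC sandbox authorise URL) and an assumed state lifetime.
AUTHORIZE_URL = "https://test-api.service.hmrc.gov.uk/oauth/authorize"
STATE_TTL_SECONDS = 600


class Relay:
    """Hypothetical relay: holds the HMRC credentials, hands the app only a URL and a state."""

    def __init__(self, client_id, client_secret, redirect_uri):
        self._client_id = client_id
        self._client_secret = client_secret  # stays in the relay, never sent to the app
        self._redirect_uri = redirect_uri
        self._pending = {}  # state -> (app_session_id, expiry timestamp)

    def start_authorisation(self, app_session_id, scope, now=None):
        now = time.time() if now is None else now
        state = secrets.token_urlsafe(32)  # unguessable, bound to this app session
        self._pending[state] = (app_session_id, now + STATE_TTL_SECONDS)
        query = urlencode({
            "response_type": "code",
            "client_id": self._client_id,
            "scope": scope,
            "state": state,
            "redirect_uri": self._redirect_uri,
        })
        return {"authorisation_url": f"{AUTHORIZE_URL}?{query}", "state": state}

    def complete_connection(self, app_session_id, returned_state, now=None):
        """True only for a known, unexpired, unused state from the same app session.

        On True, the relay would go on to exchange the code for tokens using
        the client secret (not shown here).
        """
        now = time.time() if now is None else now
        entry = self._pending.pop(returned_state, None)  # single use: replay fails
        if entry is None:
            return False
        session_id, expiry = entry
        return now <= expiry and hmac.compare_digest(session_id, app_session_id)
```

Because the state is removed on first use and tied to the session that requested it, a replayed or cross-session callback is rejected before any token exchange happens.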

HMRC identity and income sources are resolved

  1. Given HMRC access is available
  2. When PlayPay requests the taxpayer identity
  3. Then the business id is resolved
  4. And available income sources are stored for attribution
  5. And multiple sources require a default source decision before filing

Obligations are checked through versioned HMRC APIs

  1. Given HMRC access is available
  2. When obligations are checked
  3. Then PlayPay asks HMRC for the supported tax year range
  4. And open obligations are cached
  5. And obligation status determines whether filing or recheck is shown

Quarterly submission calls are audited

  1. Given a quarterly submission is sent
  2. When HMRC accepts or rejects the request
  3. Then the request and response outcome are logged
  4. And correlation evidence is retained
  5. And sensitive values are redacted from published reports

Integration smoke evidence is published

  1. Given the HMRC smoke suite has run
  2. When the capabilities site is generated
  3. Then the integration section links to the HMRC report
  4. And the manifest records pass, fail, skipped, and total counts